Security Researcher Discovers Vulnerability in Legal AI Platform Exposing 100k+ Confidential Files
By bearsyankees
Summary
A security researcher discovered a major vulnerability in Filevine, a billion-dollar legal AI platform, that exposed over 100,000 confidential legal documents. The researcher found that Filevine's API was improperly configured, allowing unauthorized access to sensitive case files, contracts, and legal documents without authentication. The vulnerability was responsibly disclosed to Filevine, which quickly patched the issue. The article details the technical discovery process, the ethical approach to disclosure, and the broader implications for security in legal tech platforms.
Key quotes
Filevine allowed me to disclose this vulnerability and it should not become weaponized against them – that just drives companies to hide vulnerabilities instead of being transparent about them.
Upon discovering this vulnerability on October 27, 2025, I immediately reached out to Filevine's security team.
The API was improperly configured, allowing unauthorized access to sensitive case files, contracts, and legal documents without authentication.
These things happen to every big company routinely but often the person finding the vulnerability is paid and signs an NDA.